On Tue, Jan 12, 2021 at 09:46:17AM +0000, Daniel P. Berrangé wrote: > On Tue, Jan 12, 2021 at 03:44:57PM +1100, David Gibson wrote: > > Several architectures have mechanisms which are designed to protect guest > > memory from interference or eavesdropping by a compromised hypervisor. AMD > > SEV does this with in-chip memory encryption and Intel's MKTME can do > > similar things. POWER's Protected Execution Framework (PEF) accomplishes a > > similar goal using an ultravisor and new memory protection features, > > instead of encryption. > > > > To (partially) unify handling for these, this introduces a new > > ConfidentialGuestSupport QOM base class. "Confidential" is kind of vague, > > but "confidential computing" seems to be the buzzword about these schemes, > > and "secure" or "protected" are often used in connection to unrelated > > things (such as hypervisor-from-guest or guest-from-guest security). > > > > The "support" in the name is significant because in at least some of the > > cases it requires the guest to take specific actions in order to protect > > itself from hypervisor eavesdropping. > > > > Signed-off-by: David Gibson <david@xxxxxxxxxxxxxxxxxxxxx> > > --- > > backends/confidential-guest-support.c | 30 +++++++++++++++ > > backends/meson.build | 1 + > > include/exec/confidential-guest-support.h | 46 +++++++++++++++++++++++ > > include/qemu/typedefs.h | 1 + > > target/i386/sev.c | 3 +- > > 5 files changed, 80 insertions(+), 1 deletion(-) > > create mode 100644 backends/confidential-guest-support.c > > create mode 100644 include/exec/confidential-guest-support.h > > > > diff --git a/backends/confidential-guest-support.c b/backends/confidential-guest-support.c > > new file mode 100644 > > index 0000000000..2c7793c74f > > --- /dev/null > > +++ b/backends/confidential-guest-support.c > > @@ -0,0 +1,30 @@ > > +/* > > + * QEMU Confidential Guest support > > + * > > + * Copyright: David Gibson, Red Hat Inc. 2020 > > + * > > + * Authors: > > + * David Gibson <david@xxxxxxxxxxxxxxxxxxxxx> > > + * > > + * This work is licensed under the terms of the GNU GPL, version 2 or > > + * later. See the COPYING file in the top-level directory. > > + * > > + */ > > + > > +#include "qemu/osdep.h" > > + > > +#include "exec/confidential-guest-support.h" > > + > > +static const TypeInfo confidential_guest_support_info = { > > + .parent = TYPE_OBJECT, > > + .name = TYPE_CONFIDENTIAL_GUEST_SUPPORT, > > + .class_size = sizeof(ConfidentialGuestSupportClass), > > + .instance_size = sizeof(ConfidentialGuestSupport), > > +}; > > + > > +static void confidential_guest_support_register_types(void) > > +{ > > + type_register_static(&confidential_guest_support_info); > > +} > > + > > +type_init(confidential_guest_support_register_types) > > This should all be replaced by OBJECT_DEFINE_TYPE Ah, didn't know about that one. I also appear to be the first user... > > diff --git a/backends/meson.build b/backends/meson.build > > index 484456ece7..d4221831fc 100644 > > --- a/backends/meson.build > > +++ b/backends/meson.build > > @@ -6,6 +6,7 @@ softmmu_ss.add([files( > > 'rng-builtin.c', > > 'rng-egd.c', > > 'rng.c', > > + 'confidential-guest-support.c', > > ), numa]) > > > > softmmu_ss.add(when: 'CONFIG_POSIX', if_true: files('rng-random.c')) > > diff --git a/include/exec/confidential-guest-support.h b/include/exec/confidential-guest-support.h > > new file mode 100644 > > index 0000000000..f9cf170802 > > --- /dev/null > > +++ b/include/exec/confidential-guest-support.h > > @@ -0,0 +1,46 @@ > > +/* > > + * QEMU Confidential Guest support > > + * This interface describes the common pieces between various > > + * schemes for protecting guest memory or other state against a > > + * compromised hypervisor. This includes memory encryption (AMD's > > + * SEV and Intel's MKTME) or special protection modes (PEF on POWER, > > + * or PV on s390x). > > + * > > + * Copyright: David Gibson, Red Hat Inc. 2020 > > + * > > + * Authors: > > + * David Gibson <david@xxxxxxxxxxxxxxxxxxxxx> > > + * > > + * This work is licensed under the terms of the GNU GPL, version 2 or > > + * later. See the COPYING file in the top-level directory. > > + * > > + */ > > +#ifndef QEMU_CONFIDENTIAL_GUEST_SUPPORT_H > > +#define QEMU_CONFIDENTIAL_GUEST_SUPPORT_H > > + > > +#ifndef CONFIG_USER_ONLY > > + > > +#include "qom/object.h" > > + > > +#define TYPE_CONFIDENTIAL_GUEST_SUPPORT "confidential-guest-support" > > +#define CONFIDENTIAL_GUEST_SUPPORT(obj) \ > > + OBJECT_CHECK(ConfidentialGuestSupport, (obj), \ > > + TYPE_CONFIDENTIAL_GUEST_SUPPORT) > > +#define CONFIDENTIAL_GUEST_SUPPORT_CLASS(klass) \ > > + OBJECT_CLASS_CHECK(ConfidentialGuestSupportClass, (klass), \ > > + TYPE_CONFIDENTIAL_GUEST_SUPPORT) > > +#define CONFIDENTIAL_GUEST_SUPPORT_GET_CLASS(obj) \ > > + OBJECT_GET_CLASS(ConfidentialGuestSupportClass, (obj), \ > > + TYPE_CONFIDENTIAL_GUEST_SUPPORT) > > + > > This should all be replaced by OBJECT_DECLARE_TYPE Also done, no thanks to the incorrect documentation in docs/devel/qom.rst (it says OBJECT_DECLARE_SIMPLE_TYPE takes 4 arguments rather than 2. -- David Gibson | I'll have my music baroque, and my code david AT gibson.dropbear.id.au | minimalist, thank you. NOT _the_ _other_ | _way_ _around_! http://www.ozlabs.org/~dgibson
Attachment:
signature.asc
Description: PGP signature